This paper proposes a reversible anonymisation scheme for XML messages that supports ne-grained enforcement of XACML-based privacy policies. Reversible anonymisation means that information in XML messages is anonymised, however the information required to reverse the anonymisation is cryptographically protected in the messages. The policy can control access down to octet ranges of individual elements or attributes in XML messages. The reversible anonymisation protocol eectively implements a multi-level privacy and security based approach, so that only authoried stakeholders can disclose condential information up to the privacy or security level they are authorised for. The approach furthermore supports a shared secret based scheme, where stakeholders need to agree to disclose condential information. Last, it supports time limited access to private or condential information. This opens up for improved control of access to private or condential information in XML messages used by a service oriented architecture. The solution provides horizontally scalable condentiality protection for certain types of big data applications, like XML databases, secure logging and data retention repositories.